Arshan Dabirsiaghi has announced a new paper discussion switching HTTP VERBS to bypass authorization checking in certain web frameworks. In the paper he also outlines how some web frameworks default to allowing HTTP methods not explicitly defined as 'protected' resources. I highly recommend reading this paper as well as the mailing thread....
Cool hack: Man exploits random deposit verification flows to steal $50,000
"A California man has been indicted for an inventive scheme that allegedly siphoned $50,000 from online brokerage houses E-trade and Schwab.com in six months -- a few pennies at a time. Michael Largent, of Plumas Lake, California, allegedly exploited a loophole in a common procedure both companies follow when a customer links...
How NOT to handle finding vulnerabilities at your company
UPDATED Link to Steve's interview with CrYpTiC_MauleR added below. At first I wasn't going to post about this but since it doesn't seem to be dying I will. Long story short 1. A Low level techie finds weaknesses/vulnerabilities at the company he works for (TJX) 2. ?He reports these issues to who...
PCI DSS compliance: Web application firewall or code review?
Michelle Davidson writes "SearchSoftwareQuality.com recently posted an article on clarifications made to requirement 6.6 of the PCI Data Security Standard and explains the options companies have to comply with it. Jeremiah Grossman and other app sec experts were interviewed for the article . Below is the information." I don't usually link to...
Whitepaper: DoS Attacks Using SQl Wildcards
Ferruh Mavituna has just published a whitepaper titled "DoS Attacks Using SQL Wildcards" where he discusses CPU utilization based dos against SQL Server where user data is thrown into sql statements. That is all. Whitepaper Link: http://www.portcullis-security.com/uplds/wildcard_attacks.pdf
Apache Debates the Apache UTF-7 XSS
There is a great debate on the bugtraq mailing list regarding the apache utf7 xss issue. In this debate William Rowe (Apache) discusses why the Apache utf7 vulnerability is in fact not a vulnerability in Apache but in Internet Explorer for not following specifications properly. William first posted to bugtraq http://seclists.org/bugtraq/2008/May/0166.html with...
Bots Use SQL Injection Tool in Web Attack
"The Asprox botnet, a relatively small botnet known mainly for sending phishing emails, has been spotted in the last few days installing an SQL injection attack tool on its bots. The bots then Google for .asp pages with specific terms -- and then hit the sites found in the search return with...
Bots Use SQL Injection Tool in Web Attack and Rant
"The Asprox botnet, a relatively small botnet known mainly for sending phishing emails, has been spotted in the last few days installing an SQL injection attack tool on its bots. The bots then Google for .asp pages with specific terms -- and then hit the sites found in the search return with...
Tools: Peach Fuzzer Framework 2.1 BETA2 Released
The following was sent to the daily dave list today by Michael Eddington "The latest in the Peach 2 series has been posted. This release includes many bug fixes, features, improvements, and supersedes 2.0 as the recommended version to use. * Fuzzers written in XML by defining data definitions * Unittests to...
Tools: The Browserrecon Project
"Most of todays tools for fingerprinting are focusing on server-side services. Well-known and widely-accepted implementations of such utilities are available for http web services, smtp mail server, ftp servers and even telnet daemons. Of course, many attack scenarios are focusing on server-side attacks. Client-based attacks, especially targeting web clients, are becoming more...
Tool Release: tmin: Fuzzing test case optimizer
Michal Zalewski has released tmin. From his announcement to bugtraq "I'd like to announce tmin - a free, quick, and handy tool to quickly and effortlessly minimize the size and syntax of complex test cases in automated security testing. I found the tool to be remarkably useful, as it saved me from...
Layer 1 attack shuts down Peter Gabriel website
As reported by thereg Peter Gabriel's website was attacked this morning, this time at layer 1. From www.petergabriel.com "Real World, Peter Gabriel and WOMAD web services are currently off-line. Our servers were stolen from our ISP's data centre on Sunday night - Monday morning. We are working on restoring normal service as...
Good Worms Are a Bad Idea
"Some bad ideas seem to live on forever. One of the big ones in computers is to use hacker tactics to perform white-hat operations on an Internet scale. The classic example of this is the "good worm" idea: a worm that spreads among computers to improve their security. There have been attempts...
Whitepaper: Access through access by Brett Moore, attacking Microsoft Access
Brett Moore has published a great document on how to SQL Inject applications utilizing Microsoft Access. He discusses default tablenames, sandboxing, reading local files and more. There aren't many good papers on attacking MS Access and this is WELL worth the read. From the paper ""MS Access is commonly thought of as...